German parents told to destroy Cayla dolls over hacking fears

  • Published
Cayla dollImage source, Getty Images
Image caption,

The My Friend Cayla doll has been shown in the past to be hackable

An official watchdog in Germany has told parents to destroy a talking doll called Cayla because its smart technology can reveal personal data.

The warning was issued by the Federal Network Agency (Bundesnetzagentur), which oversees telecommunications.

Researchers say hackers can use an unsecure bluetooth device embedded in the toy to listen and talk to the child playing with it.

But the UK Toy Retailers Association said Cayla "offers no special risk".

In a statement sent to the BBC, the TRA also said "there is no reason for alarm".

The Vivid Toy group, which distributes My Friend Cayla, has previously said that examples of hacking were isolated and carried out by specialists. However, it said the company would take the information on board as it was able to upgrade the app used with the doll.

But experts have warned that the problem has not been fixed.

The Cayla doll can respond to a user's question by accessing the internet. For example, if a child asks the doll "what is a little horse called?" the doll can reply "it's called a foal".

Media caption,

Rory Cellan-Jones sees how Cayla, a talking child's doll, can be hacked to say any number of offensive things.

A vulnerability in Cayla's software was first revealed in January 2015.

Complaints have been filed by US and EU consumer groups.

The EU Commissioner for Justice, Consumers and Gender Equality, Vera Jourova, told the BBC: "I'm worried about the impact of connected dolls on children's privacy and safety."

The Commission is investigating whether such smart dolls breach EU data protection safeguards.

In addition to those concerns, a hack allowing strangers to speak directly to children via the My Friend Cayla doll has been shown to be possible.

The TRA said "we would always expect parents to supervise their children at least intermittently".

It said the distributor Vivid had "restated that the toy is perfectly safe to own and use when following the user instructions".

Privacy laws

Under German law, it is illegal to sell or possess a banned surveillance device. A breach of that law can result in a jail term of up to two years, according to German media reports.

Germany has strict privacy laws to protect against surveillance. In the 20th Century Germans experienced abusive surveillance by the state - in Nazi Germany and communist East Germany.

The warning by Germany's Federal Network Agency came after student Stefan Hessel, from the University of Saarland, raised legal concerns about My Friend Cayla.

Mr Hessel, quoted by the German website Netzpolitik.org, external, said a bluetooth-enabled device could connect to Cayla's speaker and microphone system within a radius of 10m (33ft). He said an eavesdropper could even spy on someone playing with the doll "through several walls".

A spokesman for the federal agency told Sueddeutsche Zeitung daily , externalthat Cayla amounted to a "concealed transmitting device", illegal under an article in German telecoms law (in German)., external

"It doesn't matter what that object is - it could be an ashtray or fire alarm," he explained.

Manufacturer Genesis Toys has not yet commented on the German warning.